38C3: Lawsuits Are Temporary; Glory Is Forever

One of the blockbuster talks at last year’s Chaos Communication Congress covered how a group of hackers discovered code that allegedly bricked public trains in Poland when they went in for service at a competitor’s workshop. This year, the same group is back with tales of success, lawsuits, and appearances in the Polish Parliament. You’re not going to believe this, but it’s hilarious.

The short version of the story is that [Mr. Tick], [q3k], and [Redford] became minor stars in Poland, have caused criminal investigations to begin against the train company, and even made the front page of the New York Times. Newag, the train manufacturer in question, has opened several lawsuits against them. The lawsuit alleges the team is infringing on a Newag copyright — by publishing the code that locked the trains, no less! If that’s not enough, Newag goes on to claim that the white hat hackers are defaming the company.

What we found fantastically refreshing was how the three take all of this in stride, as the ridiculous but incredibly inconvenient consequences of daring to tell the truth. Along the way they’ve used their platform to speak out for open-sourcing publicly funded code, and the right to repair — not just for consumers but also for large rail companies. They are truly fighting the good fight here, and it’s inspirational to see that they’re doing so with humor and dignity.

If you missed their initial, more technical, talk last year, go check it out. And if you ever find yourself in their shoes, don’t be afraid to do the right thing. Just get a good lawyer.

34 thoughts on “38C3: Lawsuits Are Temporary; Glory Is Forever”

  1. This case also reminds us that white-hat hackers need to be very careful about the actions that they take and also should document all their steps carefully. The corporations have no problems lying about what the hackers did, so it is very important to have evidence otherwise.

    This case and the case with VW diesel vehicle pollution show that corporations have no ethics, and that software is fair game for implementing bad behavior. It is a good argument against firmware protections that keep the code hidden. Unfortunately, such protections and the complexity and universality of software mean that we can only expect more such bad behavior in the future, much of which will never come to light.

    1. The question of corporate ethics is about liability – limited liability as defined in the laws – which insulate the corporate owners and investors of all wrongdoings unless they directly order the actions. The CEO and the upper management are just the fall guys who can be hired and fired as needed, and offered great big bonuses for keeping their mouths shut.

      More precisely, there is a limited liability for contracts, which means the shareholders aren’t liable for more than they invested in the company. Then there’s limited liability for torts, or damage caused by the company and lawsuits against the company, and it’s this second allowance that is the problem.

      The first point was made so the major shareholders and owners of a corporation wouldn’t simply sell themselves out and leave the remaining investors with all the debts of a failing company. The second point was made on pure crony capitalism, where the corporate owners persuaded the governments to give them a get-out-of-jail card.

      1. It’s simpler than that. There are no corporate ethics, only corporate charters. The question is about money, which supersedes liability among other things.

        If they gain more income/costs less to break the law, that’s what they will do, otherwise they will follow it.

        If governments are going to allow corps to exist, then the government is responsible for making laws – and penalties for breaking them – align to that simple formula to drive their actions as desired.

        1. Individual people may act good even when there’s no risk of punishment, but a multitude of people will always include some who break the rules if they imagine they can get away with it. That’s why “ethics” for the masses, whether it’s people or corporations, is the same as maintaining liability.

          The corporation is responsible to its shareholders. Now, a share is just another poker chip you play with, buy and sell, and if the price goes up because the company is breaking the law – who cares? It’s not your responsibility. Imagine if every person who has any stake in the business has to pay for the damages in proportion to their investment: suddenly it becomes a “shareholder interest” to abide by the laws and all the shareholders would be very interested in what the upper management is doing with their money.

        2. If governments are going to allow corps to exist, then the government is responsible for making laws – and penalties for breaking them

          Or in this case and many others, NOT making and maintaining laws and legal fictions that give unwarranted favors and powers to corporations and their owners.

          Crony capitalism is a two-way deal: the government makes laws that are easily abused or designed to be abused by particular people, and then the pundits demand more power to the government to “regulate” the society to help with the problems that they themselves have caused, which in turn translates into more power to the corporate cronies through regulatory capture. In effect, the people who are selling you “well regulated capitalism” are the very same who should be regulated. Who regulates the regulators?

  2. It is similar with environmental protest where protestors get tied up with charges and long court processes that keep them silenced. Corporations in cahoots with government, political donations etc…

      1. Yes it is.

        Regardless, the ‘just get a lawyer’ quote makes my skin crawl. Generally lawyers are quite expensive, with no guarantees you’ll win, thus ending up potentially with having to pay for the other’s lawyer fees too!

        If court and law and lawyers only were something affordable to the layman … without having to think ‘oh shit I may need a lawyer, never mind, I couldn’t ever afford that, best to just give in and be quiet’.

  3. The company NEWAG also went after member of parliament Paulina Matysiak, who was head of the infrastructure/transportation committee – she’s a rare example of an MP who really knows what she talks about when it comes to infrastructure, especially transportation. The company owner is no. 30 on the list of richest Poles and probably in the 1% of richest Europeans, with deep pockets and ties.

    1. And there’s at least some highly-placed politicians in their direct pockets, going by how a bunch of them gatecrashed the parliamentary committee just long enough to force through a vote to close it.

  4. I know nothing of Polish political functioning. Buttttt… so they have an equivalent of a pardon system? Like some high ranking official can just dismiss these lawsuits out of hand? Could be an incredibly strong political stance that the government won’t be taken advantage of. Of course the cynical side of me (and HaD comments on this story over the months) makes me think that can never happen because the government people awarding the contracts are in bed with and just as corrupt as the companies pulling this crap.

    1. Ultimately it doesn’t matter how bribed/beholden to their paymasters the politicians are, if they are blackmailed etc., as if the population en masse demands something the politician can’t really ignore them. They can play lots of games to try to delay, obfuscate and break up the popular support, or distance themselves passing the buck to the courts or something, but in the end even a dictatorship won’t survive going against a population that has decided enough is enough.

      Though I personally don’t think you want to just pardon people like this justified as it would be and annoying as it is for the whitehats. As going through the legal process publicly to really grind the company down AND prove that new regulation etc has to be a good thing. Any ‘immunity’ or ‘pardon’ type system short circuits the opportunity to really reveal and then burn the bad business practices that just hurt the consumer out levelling the playing field for the honest business. Which then makes it much easier to get the public support for giving the contracts even to that ‘expensive’ but legitimately good business, as you can point to much lower total costs when you’re not locked into a service model.

      1. even a dictatorship won’t survive going against a population that has decided enough is enough.

        Ever heard of the story of boiling a frog? The major 20th century dictatorships did not fall into popular uprisings, but simply because these states mismanaged their economies so badly that they had to give up. The people never revolted until the state crumbled under its own incompetence.

        1. That is an entirely different point – mine is a dictatorship despite being the kind of government that tends to be able to do whatever the boss wants as long as he keeps the army/secret police on side can’t actually endure WHEN the people decide enough is enough. Your point appears to be that such a population doesn’t always make that decision before the regime collapses in some other way, which is true but also an entirely different point!

          1. WHEN the people decide enough is enough

            That is the point. Insofar as people are generally risk-averse, they would rather pick small fights among themselves for scraps rather than sacrifice themselves in the big fight against the system. At some point the general public becomes so exhausted that they cannot pick a fight against the system anymore.

            There is unlikely to be a “when” if the situation is left to develop gradually over time. If you throw the frog in a boiling pot of water, it will try to leap out, but if you let it swim in cold water and gradually bring up the heat, they’ll pass out before they notice that they’re being boiled alive.

          2. Point being that any dictator knows this: they can’t abuse the people too much or the people would fight back and throw them out – so they break the rules a little here, a bit there, get rid of their political opposition one by one, and gradually over time the level of corruption increases.

          3. Also, if you remember, the Soviet Union had specific policies of relocating people from the countries they invaded to some backwater territories, replacing the people with ethnic Russians in order to break up nationalistic sentiments.

            A dictator or dictator-wannabe will tell you that your inclinations for self-determination are anti-social or “fascistic” and sells the public the idea that the system knows better what the people need, better than the people themselves. It’s for your own good – even if it turns out to be corruption some 20-30 years later.

            The secret to rising power as a dictator is getting the people to agree that your abuse of power over them is justified, which is another reason why the people won’t try to revolt until they can’t anymore.

          4. Which is still an entirely different point Dude, the methods of dictatorship and their success/failure methods have no bearing on what happens when the population or enough of it anyway has had enough of your BS.

            Just because the Soviets fell apart in a particular fashion doesn’t mean every dictator fails the same way either. Some start what should be easy wars and will then flee with as much wealth as they can when their corrupt and inept management of the nation means they manage to lose what should be a pushover. Others will start a war (or maybe a cold war) against an on-paper more near rival nation, usually to similar ends, even if the corruption is orders of magnitude lower as all your own people know this fight is one they won’t survive skimming so greedily. Then you have the ones that rile a large enough portion of their population up and end up shorter by one head, or find one of their junior officers has plotted a successful coup etc… Lots of ways for a dictator to fail.

            But the one thing that is certain is no matter how slowly you boiled your frog IF you set off your serfs/slaves/peasants you will lose, as there are 100’s, 1000’s maybe even more of them for each ‘loyalist’ you have, and none of those folks are likely actually loyal and desperately looking for a way to sell you out so they can be a ‘man of people’ and still get to keep at least some of their wealth/position…

          5. the methods of dictatorship and their success/failure methods have no bearing on what happens when the population or enough of it anyway has had enough of your BS.

            Of course it does. If you’re a society of destitute serfs with practically no freedom of speech, opinion, assembly or movement, and you’re surrounded by state militia and , what can you do? The question still stands: why didn’t the people in the 20th century dictatorships, and today’s autocracies for that matter, simply revolt? Answer: because they can’t even organize the attempt.

            Psychologically speaking, the earlier theory of learned helplessness suggested that people assume control or power if you give them the opportunity, but later findings show that people start from the assumption that they have no power. People living under oppressive regimes simply treat it as normal and may not necessarily even think they can change anything – and what change would they think about under a system of controlled information anyways? Even when they’ve “had enough”, they simply see no way out.

          6. Just because the Soviets fell apart in a particular fashion doesn’t mean every dictator fails the same way either.

            Dictators fail when they mismanage their economies to the point that they run out of resources to control their people. That’s not the only way to fail – just the ultimate way it goes down. There’s a curious fact though that the 20th century failed dictatorships tended to be continued as dictatorships under different leaders after a brief period of “reconstitution” – exactly because the population still thinks the only problem is the leadership and not the system itself.

          7. the one thing that is certain is no matter how slowly you boiled your frog IF you set off your serfs/slaves/peasants you will lose

            That’s a contradiction in terms – to boil the frog slowly enough means that you don’t let the people understand what’s happening until it’s too late to do anything about it. There is a point of no return after which the population is either too ill-informed and culturally insulated to accept the very idea that their system is wrong, or too powerless to rise up.

    2. There’s a presidential pardon, and the current president likes to protect his party from the justice system. But for a pardon to work, first a court has to rule them guilty and the ruling must be, idk how to translate it, but legally binding – either after the lower court verdict no one appeals, or if any side appeals then after the appeal court verdict. But this case still isn’t in court; it’s only on the prosecution and special services investigation levels. They still haven’t found who “tampered” with the systems or if there was outside tampering. Knowing how powerful (30th richest Pole, also owner of the mint that stamps coins for not only Poland but half of the world) the NEWAG owner is, my guess is this case is going nowhere. I doubt anything happens to the DragonSector guys; they seem professional enough in logging their work and making it clean from the legal side. But I highly doubt NEWAG is going to be punished. My guess is either they won’t “find” guilty persons or they will get some low ranking engineer as the fall guy.

  5. I know nothing of Polish law, but I do know the role of an attorney. We’re flabbergasted at the idea that the corporate attorney hit the white hat hackers with what we see as rather obvious “shut up. shut up! shut up!!” lawsuits even when the company was caught red-handed. The role of the corporate attorney is to invent a way to save or lessen the fallout of corporate mistakes. So on one hand I’d wish the company would do the right thing, admit wrongdoing, and do what it can to make it right, however the more realistic scenario is the one that is developing, “we did no wrong, stop talking about how we’re wrong, we’re going to sue you unless you stop talking!” My point is, don’t blame the attorney for doing what they’re paid to do. Slyly admire them for coming up with anything when clearly there’s nothing to stand on.

    1. Wow. I’m guessing these people indeed have jobs given their skill set. I don’t think “keep it up! But just be poor” is a valid way for the majority of the population to go about their lives. And if you have a family, at least in the US they will garnish your wages and bring the pain for your ability to support yourself and your family.

      1. CCC infrastructure people know their stuff – they routinely handle basically the highest internet traffic density in the world during the Congress. Anything you could suggest as an alternative to their stack is guaranteed to buckle, possibly unless you’re YouTube (and they would be rejected on ethical grounds by the CCC anyway.)
